2014, Accountability, DNS and Encryption

German encrypted email service Tutanota suffers DDoS attacks

Security Affairs

SEPTEMBER 19, 2020

The popular encrypted email service Tutanota was hit with a series of DDoS attacks this week targeting its website fist and its DNS providers later. Encrypted email service, Tutanota suffered a series of DDoS attacks that initially targeted the website and later its DNS providers. ” continues the post.

DDOS

DDOS Encryption DNS Advertising

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

” The DNS part of that moniker refers to the global “ D omain N ame S ystem ,” which serves as a kind of phone book for the Internet by translating human-friendly Web site names (example.com) into numeric Internet address that are easier for computers to manage. PASSIVE DNS.

DNS

DNS Internet Internet Government

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

FEBRUARY 24, 2023

The Mylobot malware includes more than 1,000 hard-coded and encrypted domain names, any one of which can be registered and used as control networks for the infected hosts. The account didn’t resume posting on the forum until April 2014. Khafagy said he couldn’t remember the name of the account he had on the forum.

Accountability

Accountability Advertising Marketing Malware

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Google Trust Services ACME API available to all users at no cost

Google Security

MAY 25, 2023

Google Trust Services now offers our ACME API to all users with a Google Cloud account (referred to as “users” here), allowing them to automatically acquire and renew publicly-trusted TLS certificates for free. ARI is an Internet Engineering Task Force (IETF) Internet Draft authored by Let’s Encrypt as an extension to the ACME protocol.

Encryption

Encryption Internet Internet DNS

Roboto, a new P2P botnet targets Linux Webmin servers

Security Affairs

NOVEMBER 21, 2019

.” The analysis of the bot revealed that it supports seven functions: reverse shell, self-uninstall, gather process’ network information, gather Bot information, execute system commands, run encrypted files specified in URLs, DDoS attack, etc. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

DDOS

DDOS System Administration Advertising DNS

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Security Affairs

AUGUST 10, 2020

Our findings show that both Telenor and MPT block websites using DNS tampering. MPT is ignoring the DNS requests to the blocked domains, while Telenor is redirecting them to an IP address outside of the country. The block page uses the domain “ urlblocked.pw ” registered the 26th of March 2020 with a free Let’s encrypt certificate.

Internet

Internet Internet Telecommunications DNS

Necurs Botnet adopts a new strategy to evade detection

Security Affairs

MARCH 4, 2019

. “Most recently, Necurs has been seen pushing out infostealers and RATs, like AZOrult and FlawedAmmyy , to targeted hosts based on specific information found on infected hosts and deploying a new sophisticated.NET spamming module which can send spam using a victim’s email accounts.” ” continues the blog post.

DNS

DNS Banking Advertising Ransomware

OilRig APT group: the evolution of attack techniques over time

Security Affairs

AUGUST 7, 2019

OilRig Description : According to MITRE , OilRig is a threat group with suspected Iranian origins that has targeted Middle Eastern and international victims since at least 2014. Indeed during the group_a, the main observed delivery techniques where about Phishing (rif.T1193) and Valid Accounts (rif.T1078). Pierluigi Paganini.

Computers and Electronics

Computers and Electronics Penetration Testing DNS Phishing

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

Security Affairs

JANUARY 10, 2019

Security expert uncovered a DNS hijacking campaign targeting organizations in various industries worldwide and suspects Iranian APT groups. It is interesting to note that FireEye confirmed that this campaign is different from other operations carried out by Iranian APT groups due to the use of DNS hijacking at scale.

DNS

DNS Telecommunications Government Encryption

LimeRAT spreads in the wild

Security Affairs

APRIL 9, 2019

Then, depending on the returned value, it runs a couple of privilege escalation exploits able to bypass the UAC (User Account Control) feature, a well known security mechanism introduced since Vista to avoid unauthorized system configuration changes. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->.

Malware

Malware Advertising DNS Antivirus

IT threat evolution Q3 2021

SecureList

NOVEMBER 26, 2021

In June, more than six months after DarkHalo had gone dark, we observed the DNS hijacking of multiple government zones of a CIS member state that allowed the attacker to redirect traffic from government mail servers to computers under their control – probably achieved by obtaining credentials to the control panel of the victims’ registrar.

Malware

Malware Banking Energy and Utilities Accountability

Iran-linked APT34: Analyzing the webmask project

Security Affairs

APRIL 23, 2019

Security expert Marco Ramilli published the findings of a quick analysis of the webmask project standing behind the DNS attacks implemented by APT34 (aka OilRig and HelixKitten ). Contest: Since at least 2014, an Iranian threat group tracked by FireEye as APT34 has conducted reconnaissance aligned with the strategic interests of Iran.

DNS

DNS Computers and Electronics Penetration Testing Government

Best Network Monitoring Tools for 2022

eSecurity Planet

JANUARY 26, 2022

AES-256 encryption for data at rest and TLS v1.2 The youngest of companies picked for this year’s list, Kentik has been a budding networking monitoring vendor since 2014. Reviews highlight the ease of setup and integration with standard APIs , component monitoring capabilities, and intelligent network traffic analysis.

Marketing

Marketing DDOS Threat Detection DNS

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption. Really, never roll your own encryption. Our story now skips ahead twenty years to 2014. And it's a doozy program. Just don’t. Now, what to fuzz?

Software

Software Passwords Internet Internet

The Hacker Mind: Shellshock

ForAllSecure

MARCH 24, 2021

Vamosi: In the fall of 2014, Shellshock was publicly disclosed. Not only do I get a much faster time to market, I don’t have to worry about rolling my own encryption. Really, never roll your own encryption. Our story now skips ahead twenty years to 2014. And it's a doozy program. Just don’t. Now, what to fuzz?

Software

Software Passwords Internet Internet

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

It's the address on Aadhaar's Twitter account , it's the first result on a Google search and time and time again, it's promoted as the site people should go to before doing anything else Aadhaar related. But as I've written before, there's a lot more to HTTPS than simply redirecting all the traffic ). Check the registered number from: [link].

Hacking

Hacking Government Risk Encryption

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs

DECEMBER 20, 2019

Continuing to analyze the code, we reconstructed the approach used by the attacker to obfuscate the payload: all the necessary information has been encrypted, splitted, and then encoded in Base64 chunks stored into different structures named as “ta” , “t_ep” , “t_eq”. The “Dns” Plugin. Initialization of basic malware information.

Malware

Malware DNS Architecture Advertising

The State of Blockchain Applications in Cybersecurity

eSecurity Planet

JULY 28, 2021

Since the 1970s, Public Key Infrastructure (PKI) has offered encryption , authentication, bootstrapping, and digital signatures to secure digital communications. As encryption methods go, AES-128 and RSA-2048 are vulnerable to quantum attacks. More robust security for Domain Name Systems (DNS). Next-Generation Cryptography.

Cybersecurity

Cybersecurity Cryptocurrency Technology Energy and Utilities

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Malwarebytes

MAY 9, 2023

The fourth was the most interesting, because it communicates with a new Dropbox account. The configuration was encrypted, and looked like this: Config file forms the end of ntuser.dat That configuration was encrypted using AES. First of all, we see a new Dropbox account being used. The object field was also revealing.

Surveillance

Surveillance Accountability DNS Encryption

Trickbot module descriptions

SecureList

OCTOBER 19, 2021

Trickbot (aka TrickLoader or Trickster), is a successor of the Dyre banking Trojan that was active from 2014 to 2016 and performed man-in-the-browser attacks in order to steal banking credentials. Downloaded modules are encrypted, and can be decrypted with the Python script below. Trickbot was first discovered in October 2016.

Banking

Banking Passwords VPN Internet

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber CEO: The History Of Cybercrime, From 1834 To Present

Herjavec Group

AUGUST 26, 2021

They hack into their teacher’s account and leave messages making fun of him. Air Force research facility, discover a password “sniffer” has been installed onto their network, compromising more than 100 user accounts. banks using the Zeus Trojan virus to crack open bank accounts and divert money to Eastern Europe.

Cybercrime

Cybercrime Computers and Electronics Banking Hacking

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Security Affairs

MARCH 6, 2019

Criminals used UPX packer to protect malware code written in Go and a RSA public certificate is hardcoded inside malware to encrypt all user’s target files. This finding results in a simple “key” to encrypt all the infected victims. However, the RSA public key used to encrypt the target files is static and hardcoded inside ransomware.

Ransomware

Ransomware Encryption Malware Cyber Attacks

Cyber Security Informer

German encrypted email service Tutanota suffers DDoS attacks

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Webinars

Trending Sources

Who’s Behind the Botnet-Based Service BHProxies?

Webinars

Google Trust Services ACME API available to all users at no cost

Roboto, a new P2P botnet targets Linux Webmin servers

INTERNET BLOCKING IN MYANMAR – SECRET BLOCK LIST AND NO MEANS TO APPEAL

Necurs Botnet adopts a new strategy to evade detection

OilRig APT group: the evolution of attack techniques over time

Alleged Iran-linked APT groups behind global DNS Hijacking campaign

LimeRAT spreads in the wild

IT threat evolution Q3 2021

Iran-linked APT34: Analyzing the webmask project

Best Network Monitoring Tools for 2022

The Hacker Mind: Shellshock

The Hacker Mind: Shellshock

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Unveiling JsOutProx: A New Enterprise Grade Implant

The State of Blockchain Applications in Cybersecurity

Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020

Trickbot module descriptions

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Cyber CEO: The History Of Cybercrime, From 1834 To Present

[SI-LAB] #OpJerusalem 2019 – JCry ransomware is now infecting Windows users

Stay Connected